OneLogin, a company that sells software that claims to be a secure way for companies to use multiple cloud applications, has experienced a scary-looking data breach, the company disclosed on its corporate blog on Wednesday.
Identity management and Single Sign-On vendor OneLogin has reported an unauthorized access issue, which may have compromised customer data. Not anymore. OneLogin has posted a note on its website, which is a good thing, in which it explains that it is shocked and that it has called in the police already. The company added it had since blocked the access, and had reached out to impacted customers, though it hasn't revealed how many were affected.
Published reports, however, say OneLogin informed customers that the hackers indeed got that capability. During the security breach, private information about users, apps, and various keys may have been obtained by the still unknown hackers.
"Am I the only 1 to find it disturbing OneLogin had a decryption method for customer data accessible enough to be grabbed via breach?" said one user on Twitter.
In addition to forcing a password reset the company is also instructing customers carry out a lengthy list of actions, including generating new certificates for apps that use SAML SSO - a standard for logging users into apps based on their sessions. "While we encrypt certain sensitive data at rest, at this time we can not rule out the possibility that the threat actor also obtained the ability to decrypt data".
"Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US".
More in-depth instructions for account security can be found here.
OneLogin describes its investigation into the attack as 'ongoing, ' and including the involvement of independent third-party security experts and law enforcement.
Services like OneLogin can make it easier for companies and individual users to manage multiple logins and passwords.
OneLogin has confirmed that it detected unauthorised access in the company's USA data region.